Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
File: 9387863c-57eb-495e-863a-5f309d45c90f.roa (raw, json)
Hash identifier: uLSnG0Yqxs/1/e3JZhCZYV6yeX9F1/6C7G6tde0osyM=
Subject key identifier: F2:6B:63:AD:09:B2:68:0A:DD:26:78:49:28:C2:FD:08:38:FE:F2:C1
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 67F59BC494D1C27507EBD790ED793C4190F1FA89
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
Signing time: Fri 07 Nov 2025 20:36:53 +0000
ROA not before: Fri 07 Nov 2025 20:36:53 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:f5:9b:c4:94:d1:c2:75:07:eb:d7:90:ed:79:3c:41:90:f1:fa:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:53 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=b42692d5ce92dd296c048609e0e142179c3fb88372bd8ab0067eecb76978d7d1, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ff:24:da:32:4e:3b:11:23:bc:a8:4d:e7:1a:
d1:e3:13:5d:15:3d:99:de:be:2f:7d:17:4d:d8:81:
c9:f6:34:be:d7:18:39:d7:0f:ed:a7:06:33:41:ea:
23:5f:89:e3:0e:15:1e:08:d8:c7:e2:0c:45:38:1b:
c9:57:42:54:00:34:31:c0:2c:aa:a6:08:4e:53:1f:
79:57:83:2e:e3:fb:a8:77:86:e8:bd:40:78:b6:1b:
0d:62:f1:65:00:63:d7:24:ec:53:34:20:d2:6e:82:
9f:ec:f5:81:f0:de:fe:67:3c:ea:31:53:0e:a6:19:
7d:93:0b:73:20:4d:0a:1b:c9:a5:49:85:23:50:c1:
1e:77:35:bb:f4:45:98:91:67:96:cc:3e:e2:27:44:
4f:44:44:c1:3c:5f:bf:e8:3d:61:23:d0:98:34:2d:
35:02:a1:fd:ee:27:07:e8:ca:26:47:b4:79:d4:f0:
e2:7f:7e:4e:cf:92:48:cb:2e:7f:a6:b8:3b:64:f8:
6e:0e:c4:37:8d:a9:7c:9e:65:1e:20:3e:4c:f0:0a:
7d:00:0b:cc:18:0c:e8:87:5e:06:a6:7c:e4:72:4b:
03:d2:0a:6e:a3:93:85:b6:9a:59:b9:7d:e6:8b:e3:
6d:fc:93:0b:23:d5:3a:ba:3b:b0:48:94:01:cd:49:
af:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:6B:63:AD:09:B2:68:0A:DD:26:78:49:28:C2:FD:08:38:FE:F2:C1
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6800::/40
Signature Algorithm: sha256WithRSAEncryption
7a:18:a6:b3:f5:a7:27:9e:ce:3e:6a:f1:1c:36:b8:75:2b:19:
51:a3:c6:75:78:4e:f6:c0:44:46:6f:6f:3e:15:2b:c3:31:58:
96:e0:0b:11:db:2b:e8:dc:f7:66:30:b0:e0:2d:d8:7f:37:f0:
8c:36:8f:1c:df:21:84:b6:db:3a:6c:73:5b:5d:78:d9:0b:fe:
c5:ec:d1:a1:85:d0:b6:eb:af:09:56:98:45:d4:24:b3:08:7f:
3c:44:c8:b2:54:b2:d6:58:f7:54:06:84:d1:05:af:08:e9:10:
d6:cd:bb:24:60:f5:6b:3f:c0:6b:0a:9c:f9:59:63:c6:c5:ee:
d8:f3:83:7b:66:61:e0:89:43:b6:8a:12:4c:38:00:4c:20:d1:
b1:55:ec:e6:b3:4a:63:b3:31:1b:1f:db:76:90:12:35:00:66:
56:b8:50:6b:8a:c9:e5:67:7c:9e:52:2e:e7:27:cc:ce:2b:20:
1e:a9:8b:79:d1:8e:f0:42:42:3f:f7:bb:d4:e7:5b:c4:01:a3:
54:9e:38:bf:36:fc:0c:51:19:ca:9d:64:76:18:ed:65:c5:04:
79:c3:8c:95:94:2d:d9:7d:6d:f0:ac:70:84:94:d0:aa:2c:c9:
7f:dd:39:3b:4e:0e:fd:07:93:b1:d1:29:91:69:63:bb:95:c1:
58:07:12:91
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZ/WbxJTRwnUH69eQ7Xk8QZDx+okwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTNaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0MjY5MmQ1Y2U5MmRkMjk2YzA0ODYwOWUwZTE0MjE3OWMzZmI4ODM3MmJk
OGFiMDA2N2VlY2I3Njk3OGQ3ZDExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKD/JNoyTjsRI7yoTeca0eMTXRU9md6+L30XTdiByfY0vtcYOdcP7acGM0Hq
I1+J4w4VHgjYx+IMRTgbyVdCVAA0McAsqqYITlMfeVeDLuP7qHeG6L1AeLYbDWLx
ZQBj1yTsUzQg0m6Cn+z1gfDe/mc86jFTDqYZfZMLcyBNChvJpUmFI1DBHnc1u/RF
mJFnlsw+4idET0REwTxfv+g9YSPQmDQtNQKh/e4nB+jKJke0edTw4n9+Ts+SSMsu
f6a4O2T4bg7EN42pfJ5lHiA+TPAKfQALzBgM6IdeBqZ85HJLA9IKbqOThbaaWbl9
5ovjbfyTCyPVOro7sEiUAc1Jr1UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTya2Ot
CbJoCt0meEkowv0IOP7ywTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OTM4Nzg2M2MtNTdlYi00OTVlLTg2M2EtNWYzMDlkNDVjOTBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8do
MA0GCSqGSIb3DQEBCwUAA4IBAQB6GKaz9acnns4+avEcNrh1KxlRo8Z1eE72wERG
b28+FSvDMViW4AsR2yvo3PdmMLDgLdh/N/CMNo8c3yGEtts6bHNbXXjZC/7F7NGh
hdC2668JVphF1CSzCH88RMiyVLLWWPdUBoTRBa8I6RDWzbskYPVrP8BrCpz5WWPG
xe7Y84N7ZmHgiUO2ihJMOABMINGxVezms0pjszEbH9t2kBI1AGZWuFBrisnlZ3ye
Ui7nJ8zOKyAeqYt50Y7wQkI/97vU51vEAaNUnji/NvwMURnKnWR2GO1lxQR5w4yV
lC3ZfW3wrHCElNCqLMl/3Tk7Tg79B5Ox0SmRaWO7lcFYBxKR
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:06 2025 by rpki-client